All releases tagged Minor security fixes


Release Notes: This version of Apache is principally a security and bugfix release. Notably, it bundles the APR Library version 1.3.8 and APR Utility Library version 1.3.9, which address a security concern that may be triggered by some third-party modules.


Release Notes: mod_proxy_ftp now prevents XSS attacks when using wildcards in the path of the FTP URL.


Release Notes: mod_proxy_http has been changed to better handle excessive interim responses from the origin server to prevent potential denial of service and high memory usage. mod_proxy_balancer has been changed to prevent CSRF attacks against the balancer-manager interface.


Release Notes: A flaw was found in the mod_status module. On sites where mod_status was enabled and the status pages were publicly accessible, a cross-site scripting attack was possible. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible.


Release Notes: A flaw was found in the mod_status module. On sites where mod_status was enabled and the status pages were publicly accessible, a cross-site scripting attack was possible. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible.


Release Notes: A flaw was found in the mod_proxy_balancer module that permitted a cross-site scripting attack against an authorized user. A flaw was found in the mod_proxy_balancer module that allowed an authorized user to send a carefully crafted request that would cause the Apache child process handling that request to crash. A flaw was found in the mod_status module that allowed a cross-site scripting attack. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible.


Release Notes: This version of Apache is a security fix release only. A possible XSS attack against a site with a public server-status page and ExtendedStatus enabled was fixed. Apache now ensures that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data against PID data stored privately by the parent process.


Release Notes: This is principally a bug and security fix release. It fixes an off-by-one flaw in the mod_rewrite module.


Release Notes: This release contains fixes for htdbm, mod_deflate, mod_proxy, mod_proxy_balancer, and mod_dbd. Additionally, the reading of uninitialized memory while reading a line of protocol input is prevented and the Expect error message is HTML-escaped.


Release Notes: This version is principally a bug and security fix release.